Windows login page bypassed (not by me)

Jsizzle

Member
Started my computer.
Windows login page comes up requesting my password.
I go to get something to eat (10 mins or so).
When I come back my desktop is showing, not the Windows login page requesting my password.
I don't have the greatest memory but I am fairly certain (I could be wrong, however) that I never put my password in.
I'm very concerned.
Currently running Malwarebytes and then Norton Security Scan, will post results.
Advice?
Any way to tell who put the password in?
 

My Computer

Can you be set for automatic login (no login)?
http://www.vistax64.com/tutorials/66966-logon-automatically.html
http://news.softpedia.com/news/Bypass-the-Windows-Vista-Logon-Screen-51806.shtml
Check the settings

If it continues to happen
Try in safe mode
Try with clean boot
http://support.microsoft.com/kb/929135
To test if problem happens in these modes.

Report the results of the scans (antivirus and Malwarebytes).

You may have inadvertently put the password in. If you cannot find the cause of the problem, wait until it happens again to be sure.

Type event viewer in search and look for any errors at the time.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Integrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
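
The two checks suggested in the post above (whether automatic logon is configured, and what the event log recorded around the time), as an added PowerShell example that is not part of any post in this thread. It assumes PowerShell 2.0 or later run as administrator, reads the standard Winlogon automatic-logon values, and lists Security log event 4624 (successful logon) entries; the 24-hour window is an arbitrary choice.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell 2.0+ prompt.

# 1) Is automatic logon configured? These are the standard Winlogon values.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl  = Get-ItemProperty -Path $key
New-Object PSObject -Property @{
    AutoAdminLogon      = $wl.AutoAdminLogon          # '1' = automatic logon enabled
    DefaultUserName     = $wl.DefaultUserName         # account that would be logged on
    PlaintextPwdPresent = [bool]$wl.DefaultPassword   # report presence only, never the value
} | Format-List | Out-Host

# 2) Which successful logons did Windows record recently?
$since = (Get-Date).AddHours(-24)                     # window is an arbitrary choice
$types = @{ '2'  = 'Interactive (keyboard)'; '7'  = 'Unlock';
            '10' = 'Remote Desktop';         '11' = 'Cached interactive' }

$rows = Get-WinEvent -FilterHashtable @{
            LogName = 'Security'; Id = 4624; StartTime = $since
        } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $e = $_
        # Flatten the event's EventData name/value pairs into a hashtable
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
            $d[$n.Name] = $n.'#text'
        }

        # Skip service, batch and network logons; keep the ones made at a screen
        $type = [string]$d['LogonType']
        if (-not $types.ContainsKey($type)) { return }

        New-Object PSObject -Property @{
            Time      = $e.TimeCreated
            Account   = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
            LogonType = $types[$type]
            Process   = $d['ProcessName']
            SourceIP  = $d['IpAddress']
        }
    }

$rows | Sort-Object Time |
    Format-Table Time, Account, LogonType, Process, SourceIP -AutoSize
```

The output shows when a logon was recorded and by which route (keyboard, unlock, Remote Desktop), which can be compared with the time the desktop appeared; it does not identify who was at the keyboard.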
Hi Jsizzle,

There's no way to tell who put in the password. Is there anyone in the house who could have done it (even if you think they don't know your password)?

I would test this a couple of additional times to see if it repeats. Does the computer continue to login automatically after 10 minutes or so or does it remain on the logon screen until you enter the password (give it 30 minutes or so)? Please do check this a few times and post the results. How many users are there on the computer? How many are standard users and how many are administrators? Is the built-in administrator account enabled? Is the guest account enabled? What type of account is your account?

Running the scans (be sure to update them first and do full scans) is an excellent idea and I would have suggested it if you weren't already doing it. Please do post the results (screenshots or attaching copies of the logs would be fine).

After this (and the recommendations and possibilities Richard suggested above), we'll see where we stand and what if anything needs to be done. Try not to be too concerned. We'll figure this out if it repeats, we'll bring in a security expert if the scans turn up anything nasty, you'll verify nobody else in the house did it (somehow), you'll try Richard's suggestions, and if it doesn't continue to occur and none of these things turn up anything suspicious, then maybe you did forget and there's no problem at all. Please do answer all our questions in your next post.

Thanks and good luck!
 

My Computer

System One

  • Manufacturer/Model
    Dell Inc. MP061 Inspiron E1705
    CPU
    2.00 gigahertz Intel Core 2 Duo 64 kilobyte primary memory
    Motherboard
    Board: Dell Inc. 0YD479 Bus Clock: 166 megahertz
    Memory
    2046 Megabytes Usable Installed Memory
    Graphics card(s)
    ATI Mobility Radeon X1400 (Microsoft Corporation - WDDM) [Di
    Sound Card
    SigmaTel High Definition Audio CODEC
    Monitor(s) Displays
    Generic PnP Monitor (17.2"vis)
    Screen Resolution
    1920 x 1200 pixels
    Hard Drives
    Hitachi HTS541616J9SA00 [Hard drive] (160.04 GB) -- drive 0, s/n SB2411SJGLLRMB, rev SB4OC74P, SMART Status: Healthy
    Case
    Chassis Serial Number: 5YK95C1
    Mouse
    Logitech HID-compliant Cordless Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    1958 Kbps download ; 754.8 Kbps upload
    Other Info
    Optiarc DVD+-RW AD-5540A ATA Device [CD-ROM drive] Dell AIO Printer A940 Conexant HDA D110 MDC V.92 Modem 6TO4 Adapter Broadcom 440x 10/100 Integrated Controller Broadcom 802.11n Network Adapter Microsoft ISATAP Adapter Teredo Tunneling Pseudo-Interface Router Linksys / WRT54G -01
Norton Scan Results:

Scan Stats:
Scan Time: 6691 seconds
Scan Options:
Scan Targets: C:\, D:\
Counts:
Total items scanned: 673,332
- Files & Directories: 667,065
- Registry Entries: 594
- Processes & Start-up Items: 5,441
- Network & Browser Items: 224
- Other: 4
- Trusted Files: 0
- Skipped Files: 21,060

Total security risks detected: 1
Total items resolved: 1
Total items that require attention: 0

Resolved Threats:
Trojan Horse
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved







Malwarebytes Scan:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5592

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/24/2011 8:35:00 PM
mbam-log-2011-01-24 (20-35-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 358100
Time elapsed: 1 hour(s), 13 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> Not selected for removal.

Files Infected:
c:\Users\\downloads\perfectoptimizer_5.2.6.exe (PUP.PerfectOptimizer) -> Not selected for removal.
c:\program files\perfect optimizer\perfectoptimizer.ini (PUP.PerfectOptimizer) -> Not selected for removal.


There was no one in the house at the time who could have done it.
I am the only one who uses the computer.

I have the one and only administrator account.

The guest account is turned off.
The built-in administrator account is not enabled.




Thanks,
Look forward to your replies.
 

My Computer

I am very cautious when it comes to my own computer use. What has happened to you, to be honest, has never happened to me, but if it did I would not be overly concerned.
What I would do is look at the tutorials that I have given you and make sure that my computer was not set for automatic login. If it were, I would change the settings.
I would then go to the event viewer (type those words in search) and look for any warnings, errors or information notations that would explain the strange scenario that you describe.
If everything seems ok, I would just use and enjoy the computer in the way that I usually do.
If it does not happen again, I would forget about it. Every computer malfunctions from time to time; it could be due to a power surge or many other factors.
If it does happen on a regular basis I would use the computer in a clean boot mode (explained in my earlier post) or safe mode if necessary and if it turns out that in these modes there is no problem with login, then I would test. We have tests for corrupted drivers, programs, etc.
For now, we must make sure that the malware that was found by Malwarebytes is removed (I doubt if that was the cause).
I have a feeling that this will not happen again, and I do not think anyone logged in while you were gone, although it is a distinct possibility.
 

My Computer

Hi, try and see if your password auto-login is check-marked in the 'Ease of Access' centre.
 

My Computer

System One

  • Manufacturer/Model
    HP d530 SFF
    CPU
    Intel p4 3.00ghz, 2.99ghz with Hyperthreading
    Motherboard
    HP d530 SFF
    Memory
    1 gb
    Graphics card(s)
    Intel i865g, 96mb
    Sound Card
    Soundmax
    Monitor(s) Displays
    HP 1940 TFT monitor
    Screen Resolution
    60hz
    Hard Drives
    Western Digital Caviar Blue 320gb IDE HD
    PSU
    Compaq
    Case
    HP compaq
    Cooling
    Fan
    Mouse
    HP Optical Mouse
    Keyboard
    Techcom USB keyboard
    Internet Speed
    256kbs
From the tutorial given above

5. To Turn Off Automatic Log On
A) Check the Users must enter a user name and password to use this computer box. (See screenshot below step 6)

B) Click on OK.

C) You're done.
 

My Computer

When I try to alter Automatic Login I get this screen.

But I am almost positive I do not have Automatic Login enabled. At my Login Screen, you have to type in a login name and then password. You don't select a user then put password in.

Thanks for all the help. I'll keep you updated if anything happens.
 

Attachments

  • Untjitled.jpg

My Computer

The only thing that you can do at this point is to use it in your normal way. If the problem does not return, just use it and forget about it. You may have even put the login password in and then walked away. There are too many variables here to take time thinking about it, if it does not occur again.
If it does happen again, that would be another matter.

Has all the reported malware been removed?
 

My Computer
